-
Notifications
You must be signed in to change notification settings - Fork 0
/
config.go
189 lines (170 loc) · 5.94 KB
/
config.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
/*
Copyright IBM Corp. All Rights Reserved.
SPDX-License-Identifier: Apache-2.0
*/
package comm
import (
"crypto/tls"
"time"
"github.com/spf13/viper"
"google.golang.org/grpc"
"google.golang.org/grpc/keepalive"
)
var (
// Is the configuration cached?
configurationCached = false
// Is TLS enabled
tlsEnabled bool
// Max send and receive bytes for grpc clients and servers
maxRecvMsgSize = 100 * 1024 * 1024
maxSendMsgSize = 100 * 1024 * 1024
// Default peer keepalive options
keepaliveOptions = &KeepaliveOptions{
ClientInterval: time.Duration(1) * time.Minute, // 1 min
ClientTimeout: time.Duration(20) * time.Second, // 20 sec - gRPC default
ServerInterval: time.Duration(2) * time.Hour, // 2 hours - gRPC default
ServerTimeout: time.Duration(20) * time.Second, // 20 sec - gRPC default
ServerMinInterval: time.Duration(1) * time.Minute, // match ClientInterval
}
// strong TLS cipher suites
tlsCipherSuites = []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
}
)
// ServerConfig defines the parameters for configuring a GRPCServer instance
type ServerConfig struct {
// SecOpts defines the security parameters
SecOpts *SecureOptions
// KaOpts defines the keepalive parameters
KaOpts *KeepaliveOptions
}
// ClientConfig defines the parameters for configuring a GRPCClient instance
type ClientConfig struct {
// SecOpts defines the security parameters
SecOpts *SecureOptions
// KaOpts defines the keepalive parameters
KaOpts *KeepaliveOptions
// Timeout specifies how long the client will block when attempting to
// establish a connection
Timeout time.Duration
}
// SecureOptions defines the security parameters (e.g. TLS) for a
// GRPCServer instance
type SecureOptions struct {
// PEM-encoded X509 public key to be used for TLS communication
Certificate []byte
// PEM-encoded private key to be used for TLS communication
Key []byte
// Set of PEM-encoded X509 certificate authorities used by clients to
// verify server certificates
ServerRootCAs [][]byte
// Set of PEM-encoded X509 certificate authorities used by servers to
// verify client certificates
ClientRootCAs [][]byte
// Whether or not to use TLS for communication
UseTLS bool
// Whether or not TLS client must present certificates for authentication
RequireClientCert bool
// CipherSuites is a list of supported cipher suites for TLS
CipherSuites []uint16
}
// KeepAliveOptions is used to set the gRPC keepalive settings for both
// clients and servers
type KeepaliveOptions struct {
// ClientInterval is the duration after which if the client does not see
// any activity from the server it pings the server to see if it is alive
ClientInterval time.Duration
// ClientTimeout is the duration the client waits for a response
// from the server after sending a ping before closing the connection
ClientTimeout time.Duration
// ServerInterval is the duration after which if the server does not see
// any activity from the client it pings the client to see if it is alive
ServerInterval time.Duration
// ServerTimeout is the duration the server waits for a response
// from the client after sending a ping before closing the connection
ServerTimeout time.Duration
// ServerMinInterval is the minimum permitted time between client pings.
// If clients send pings more frequently, the server will disconnect them
ServerMinInterval time.Duration
}
// cacheConfiguration caches common package scoped variables
func cacheConfiguration() {
if !configurationCached {
tlsEnabled = viper.GetBool("peer.tls.enabled")
configurationCached = true
}
}
// TLSEnabled return cached value for "peer.tls.enabled" configuration value
func TLSEnabled() bool {
if !configurationCached {
cacheConfiguration()
}
return tlsEnabled
}
// MaxRecvMsgSize returns the maximum message size in bytes that gRPC clients
// and servers can receive
func MaxRecvMsgSize() int {
return maxRecvMsgSize
}
// SetMaxRecvMsgSize sets the maximum message size in bytes that gRPC clients
// and servers can receive
func SetMaxRecvMsgSize(size int) {
maxRecvMsgSize = size
}
// MaxSendMsgSize returns the maximum message size in bytes that gRPC clients
// and servers can send
func MaxSendMsgSize() int {
return maxSendMsgSize
}
// SetMaxSendMsgSize sets the maximum message size in bytes that gRPC clients
// and servers can send
func SetMaxSendMsgSize(size int) {
maxSendMsgSize = size
}
// DefaultKeepaliveOptions returns sane default keepalive settings for gRPC
// servers and clients
func DefaultKeepaliveOptions() *KeepaliveOptions {
return keepaliveOptions
}
// ServerKeepaliveOptions returns gRPC keepalive options for server. If
// opts is nil, the default keepalive options are returned
func ServerKeepaliveOptions(ka *KeepaliveOptions) []grpc.ServerOption {
// use default keepalive options if nil
if ka == nil {
ka = keepaliveOptions
}
var serverOpts []grpc.ServerOption
kap := keepalive.ServerParameters{
Time: ka.ServerInterval,
Timeout: ka.ServerTimeout,
}
serverOpts = append(serverOpts, grpc.KeepaliveParams(kap))
kep := keepalive.EnforcementPolicy{
MinTime: ka.ServerMinInterval,
// allow keepalive w/o rpc
PermitWithoutStream: true,
}
serverOpts = append(serverOpts, grpc.KeepaliveEnforcementPolicy(kep))
return serverOpts
}
// ClientKeepaliveOptions returns gRPC keepalive options for clients. If
// opts is nil, the default keepalive options are returned
func ClientKeepaliveOptions(ka *KeepaliveOptions) []grpc.DialOption {
// use default keepalive options if nil
if ka == nil {
ka = keepaliveOptions
}
var dialOpts []grpc.DialOption
kap := keepalive.ClientParameters{
Time: ka.ClientInterval,
Timeout: ka.ClientTimeout,
PermitWithoutStream: true,
}
dialOpts = append(dialOpts, grpc.WithKeepaliveParams(kap))
return dialOpts
}